Physical breaches can take various forms, such as
unauthorised individuals gaining access to the physical server itself;
individuals connecting their own devices to the office network;
or individuals using an unattended employee workstation to access
the company network.

Understand how your database server resides within the network
topology. Is it directly accessible from the public internet? Is it
isolated from external-facing application servers? Are communications
to and from it using SSL for data exchange, and is a firewall being
used to restrict which hosts can communicate with it?

Know your server configuration. Is the SQL instance
discoverable on the network? Are the SQL services using a
non-standard port? Are unnecessary services disabled? Is the
SQL administrator account (sa) disabled? Which authentication
methods are in use: Windows, SQL, or both?

Weak passwords can severely compromise your data. Ensure
password complexity is configured and enforced for every login,
and within applications, encrypt passwords instead of storing
them in plain text.

Database backup security is often overlooked, but it is vital. Ensure
local and remote backup locations are adequately secured; use
encryption when performing backups; and restrict access to the
certificates and keys used by the encryption process.
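Most of the configuration, password and backup questions above can be answered from the server itself. The following read-only T-SQL audit script is an added example, not part of the original article; it assumes SQL Server 2014 or later (for the backup encryption columns) and a login holding VIEW SERVER STATE, ideally sysadmin, so every catalog view returns complete results.

```sql
-- Added audit script (not from the original article). Read-only checks
-- against SQL Server catalog views and DMVs covering the checklist items.
-- Assumes SQL Server 2014+ and a login with VIEW SERVER STATE / sysadmin.

-- 1. Is the built-in sa account (always sid 0x01, even if renamed) disabled?
SELECT name, is_disabled
FROM sys.server_principals
WHERE sid = 0x01;                 -- expect is_disabled = 1

-- 2. Authentication mode: 1 = Windows only, 0 = mixed (Windows + SQL logins)
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 3. SQL logins that bypass the Windows password policy, or whose password
--    is blank or identical to the login name (both fail any complexity rule)
SELECT name, is_policy_checked, is_expiration_checked, is_disabled,
       CASE WHEN PWDCOMPARE('', password_hash) = 1   THEN 'blank'
            WHEN PWDCOMPARE(name, password_hash) = 1 THEN 'same as login'
            ELSE 'policy not enforced' END AS finding
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- 4. TCP listeners: which addresses and port the engine accepts T-SQL on
--    (port 1433 is the well-known default the checklist asks about)
SELECT ip_address, port, state_desc
FROM sys.dm_tcp_listener_states
WHERE type_desc = 'TSQL';

-- 5. Are the current client connections encrypted?
SELECT encrypt_option, COUNT(*) AS connections
FROM sys.dm_exec_connections
GROUP BY encrypt_option;          -- any 'FALSE' rows mean cleartext traffic

-- 6. Optional surface-area features that should normally remain off
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures',
               'Ad Hoc Distributed Queries', 'remote access');

-- 7. Backups taken in the last 30 days without encryption
SELECT database_name, backup_finish_date, type, key_algorithm, encryptor_type
FROM msdb.dbo.backupset
WHERE backup_finish_date >= DATEADD(day, -30, GETDATE())
  AND key_algorithm IS NULL;      -- NULL means the backup set is unencrypted
```

Run it from SQL Server Management Studio or sqlcmd; every result set is a finding list, so an empty result for checks 3, 6 (all values 0) and 7 is the desired outcome.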